Reduce the cost of FISMA compliance

Imperva solutions enable many of the controls required by FISMA as well as guidelines provided by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS) and the Department of Defense (DoD).

NIST SP 800-137 ISCM

DOD DISA

Imperva data security solutions perform assessments based on the DISA STIG and documents vulnerabilities that put databases at risk and configurations that deviate from defined standards.

IRS 1075

Imperva data security solutions address multiple sections of this guideline, including audit and security guidance to ensure that access to FTI (federal tax information) is limited to only those individuals who are authorized to access and have a need to know.

FIPS 140-2 Standard

Imperva database, file, and web security solutions implement the FIPS 140-2 standard. Imperva data security solutions meet the following two key government requirements: United States FIPS 140-2 Cryptographic Module Validation Authority (CMVA), set by the National Institute of Standards and Technology; and the Canadian FIPS 140-2 CMVA, set by the Communications Security Establishment (CSE).

The certification above builds upon the previous Common Criteria certification for Information Technology Security Evaluation, Version 3.1 (Revision 3) with Evaluation Assurance Level 2 (EAL2) that SecureSphere v9.0 received in 2012. The certificate was issued by the NIAP, and the EAL2 validation report is available at https://www.commoncriteriaportal.org/files/epfiles/st_vid10466-vr.pdf.

Imperva is GSA approved

Imperva is a GSA approved vendor. For more information on our contract, please contact sales@imperva.com.

Imperva is a Continuous Diagnostics and Mitigation (CDM) approved vendor

The CDM is a $6B funded program by the Department of Homeland Security (DHS) that provides any civilian federal agency the tools and integration needed to protect the cyber infrastructure of the .gov network environment. Imperva is one of only 17 approved CDM vendors. The GSA and DHS use the GSA IT Schedule 70 as the contract vehicle. DHS will pay for the cost of CDM tools and integration if you participate via a Continuous Monitoring as a Service (CMaaS) task order. Learn more about how Imperva provides CDM services here.

Detect and block insider threats

Malicious, compromised, and careless insiders all have permission to access agency data. They pose the greatest risk and often go undetected until it’s too late. Imperva CounterBreach detects suspicious behavior by setting a baseline for ‘normal’ user behavior on databases, file servers, and SaaS applications, then automatically detects and flags suspicious data access events. You’ll spot the riskiest users and be able to stop insider data threats before they become breaches.

Stop application-level attacks

As agencies comply with the Digital Government Strategy to move online, they also create a massive attack surface for cyber criminals. Imperva WAF solutions stop application-level attacks and protect applications and the back-end data behind them. Imperva is the only web application firewall rated a leader for four years running in the Gartner Magic Quadrant for Web Application Firewalls report.

Stay one step ahead with Imperva threat intelligence

Imperva Threat Radar is an advance-warning system that stops emerging threats by collecting, comparing, and analyzing attack data from a variety of trusted sources, and provides SecureSphere web application and database firewalls with data on bad IPs, signatures, worms, and viruses. Global threat research from Imperva research team and community feeds from Imperva customers comprise the global threat intelligence updates that feed Imperva solutions.

Trusted by industry leaders

Thousands of customers worldwide, including government agencies, financial services firms, and healthcare companies, rely on Imperva to protect critical, sensitive data, and applications and ensure compliance.

GSA approved

Imperva is a GSA and CDM approved vendor.

The security features are the most comprehensive - especially on their DB Firewall - which is lightweight, yet powerful. On the WAF side, we like the fact that we could go with a cloud SaaS offering or an on-premises appliance. The vendor is easy to work with. Their product differentiates itself from the competitors in several ways. Their products are lightweight, yet powerful.Solutions Architect in the Government Industry (5-star rating on Gartner Peer Insights)